Hi >>It is not sufficient. There is setkey(8) in /usr/sbin. It means that >>we cannot protect NFS exported /usr by IPsec. If there is no >>objection, I wish to move setkey(8) into /sbin like NetBSD did. > > tlambert2> This type of order inversion is common. > tlambert2> Can we simply delay exportation until later in the boot process? > tlambert2> Wouldn't this have the same effect? > > Oops, I should explain the situation clearly. The client which mounts > /usr by NFS cannot use IPsec due to lack of setkey(8). I think, you not exactly understand my problem. I not export anything, not protect NFS exported /usr and have ordinary workstation with 40G HD and /usr on it. Using IPSec - hostorical behavior :), and i live without problems on 4.x . But I use NFS exports from others. And, in case if IPSec used between my mashine and NFS server, I can't boot smoothly - booting hold up on mounting NFS until I press Ctrl+C . Patch, which I send, resolve my problem. But I not sure - applicable this patch for diskless ?.... I can't recall when problem appear. All life server runs on 4.8. My mashine will be 4.8 - 5.0 - 5.1 - 5 CURRENT. Now - kern.osreldate: 501113. -- With best wishes, DIGMA sysadmin Oleg Kostyuk aka Cub (OK5-UANIC) [BSD registered user #BSD050664]Received on Sun Nov 16 2003 - 01:10:28 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:37:29 UTC